Game Theory and Privacy Preservation in Recommendation Systems

Iordanis Koutsopoulos
U of Thessaly

Thalis project CROWN
Kick-off Meeting
Volos, May 11, 2012

State of the art

Internet-enabled services rely on end-user data to provide personalized feedback to user
User provisioned data constitute user profile

Escalating privacy concerns to end users:
  Profile revelation, possible consequences from correlating various segments of the profile
  Possible improper data use by third parties, data monetization


Examples

| Case Study | User Profile | Entities involved | Scope (Service) |
|---|---|---|---|
| Web browsing | Web browsing behavior (sites visited, frequency of visit, …) | Online Service Providers (Google, Facebook, …) | Targeted advertising |
| Location | Locations visited, length of stay, trajectory, … | Mobile Telecom operators, mobile equipment manufacturers (e.g. Apple, …) | Location-based services (location-based ads, locating on map, receiving alert/notifications, …) |
| Smart Metering | Power consumption profile (appliance on/off, …) | Electric utility operators | Smart grid services (e.g. demand response), ads, … |
| Recommendation Systems | Rating for items bought/seen, … | Online retailers (Amazon), media providers (Netflix), … | Recommendation of items of likely interest to user |

Basic Questions

How to model a user personal profile?
How to quantify privacy?
What does privacy preservation mean and how to quantify it?
How to measure the Quality of personalized services received by the user?
Can the users do something besides individually trying to hide their personal profiles?



User Profile and privacy

Finite set of attributes $A$ that characterize user profile
Profile can be modeled as a real vector of dimension $|A|$
Vector entries are values with respect to various attributes

When does privacy increase?
  Reveal a profile vector that is as far away as possible from real profile vector

Example User Profiles

Location-based Services
  $P = (L(1), L(2), \dots, L(t), \dots)$: Locations visited
Web browsing
  $P = (w_1, \dots, w_t)$: Categories of websites visited
Smart metering
  $P = (a_1, \dots, a_n)$: Power consumption of electric appliances
Recommendation Systems
  $P = (a_1, \dots, a_n)$: Private ratings of items, e.g. movies watched

Recommendation Systems

Recommendation systems: data exchange between the users and a central entity (server) that performs recommendations
  user privacy concerns

User goal:
  preserve privacy by not revealing much information to third party about private preferences and ratings.
  receive high-quality personalized recommendation results

Fundamental tradeoff between privacy preservation and recommendation quality.


Model: Ratings and recommendation

Set $U$ of $N$ users and set of items $I$ available for recommendation.
$S_i \subset I$: a small subset of items that a user $i$ has already viewed, purchased (or obtained experience of)
$p_i = (p_{ik} : k \in S_i)$: vector of ratings of user $i$ for the items he has viewed
  $0 \le p_{ik} \le P$ (continuous-valued)
  Vector of ratings $p_i$ is private information for each user $i$.
$q_i = (q_{ik} : k \in S_i)$: vector of declared ratings from user $i$ to the server (different from $p_i$).


Model: Ratings and recommendation (2)

$P = (p_i : i \in U)$: ensemble of private ratings of users.
$Q = (q_i : i \in U)$: ensemble of declared ratings of users to server.
Recommendation server collects declared user profiles and issues personalized recommendations to different users.
Computes recommendation vector $r_i = f_i(Q) = f_i(q_1, \dots, q_N)$ for each user $i$.
Vector $r_i$ of dimension $|I \setminus S_i|$ (items that user $i$ has not viewed)

2 popular classes of recommendation systems

Collaborative filtering (CF):
  For each user $i$ and for each item not tried (viewed) by $i$, compute a statistic based on other users’ rating about the item
Content based (CB):
  For each user $i$, and for each item $k$ not tried (viewed) by $i$, compute a statistic based on relation of $k$ with other items that $i$ has viewed

Simple Example for Intuition: 3 Items, {A,B,C}, 2 users
  User 1 has seen and rated {A,B}
  User 2 has seen and rated {B,C}
  Question: Will C be recommended to user 1 or not? With what rating?
  Depends on:
    Rating of user 1 for A and B, and “Similarity” of A,B to C (Content-Based)
    Rating of user 2 for C (Collaborative Filtering)

Case Study: A Hybrid Recommendation system

Collaborative filtering + Content-based approach
For each user $i$, the recommendation server applies the following measure to compute metrics $r_{i\ell}$ for items $\ell$, so as to rate them and use them in the recommendation vector for user $i$:

$\rho_{k\ell} \in [0, 1]$ is the correlation between items $k$ and $\ell$.
Recommendation $r_i = f_i(q_i, q_{-i})$ that each user $i$ receives depends on:
  declared profiles of other users to server, $q_{-i} = (q_1, \dots, q_{i-1}, q_{i+1}, \dots, q_N)$
  declared profile of this specific user, $q_i$

Collaborative filtering
Content-based

Privacy metric

Quantifies degree at which privacy is preserved for user $i$.
Simplest form: Depends on Euclidean Distance between private profile $p_i$ and declared profile $q_i$ of user $i$.
Function that quantifies privacy preservation for user $i$ is taken:

Privacy increases as Euclidean distance increases
Distance weighted by the private rating $p_{ik}$
  among items whose private and declared rating have the same distance, it is preferable from privacy preservation perspective to change rating of items that are higher rated in reality


Quality of Personalized Service

Quality of personalized recommendation
Measured in terms of the Euclidean distance between
  the recommendation vector user $i$ gets if he declares profile $q_i$ and
  the recommendation vector he would get if he declared the real private rating $p_i$, regardless of what other users do.
Should not exceed a level $D$

OBJECTIVE of each user:
  MAXIMIZE privacy while
  satisfying certain quality of personalized recommendation
If each user selfishly pursues his own objective, a game emerges

M. Halkidi and I. Koutsopoulos, “A game theoretic framework for data privacy preservation in Recommender systems,” European Conference on Machine Learning and Principles and Practice of Knowledge Discovery in Databases (ECML/PKDD), 2011.


System architecture

[Figure from ECML PKDD 2011, Athens, Greece / M. Halkidi, I. Koutsopoulos. Labels: "The agent of user i solves the optimization problem"; "the server passes to user i"; "MAXIMIZE privacy s.t. satisfy certain quality of personalized recommendation"]

A Nash equilibrium exists, Best Response converges to N.E.
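
An added example (not from the slides or the cited paper): best-response play on the 3-item, 2-user case above, where each user's agent picks the most private declared ratings that keep recommendation quality within D. The formulas are not given on this page, so the product form of the hybrid score, the privacy function, the correlations, the private ratings, the value of D and the integer rating grid are all assumptions.

```python
from itertools import product

P_MAX, D = 5, 1.0              # ratings in [0, P] (integer grid); quality budget D
RHO = {frozenset("AB"): 0.5, frozenset("AC"): 0.8, frozenset("BC"): 0.2}  # constructed
PRIVATE = {1: {"A": 4, "B": 2}, 2: {"B": 3, "C": 5}}   # constructed p_i over S_i
ITEMS = "ABC"

def recommend(i, q_i, declared):
    """Assumed hybrid score r_il per unviewed item: CF mean times CB mean."""
    r = {}
    for item in [x for x in ITEMS if x not in q_i]:
        others = [q[item] for j, q in declared.items() if j != i and item in q]
        cf = sum(others) / len(others) if others else 0.0   # other users' declared ratings
        cb = sum(RHO[frozenset((k, item))] * v for k, v in q_i.items()) / len(q_i)
        r[item] = cf * cb
    return r

def privacy(i, q_i):
    """Assumed metric: squared distance weighted by the private rating p_ik."""
    return sum(p * (p - q_i[k]) ** 2 for k, p in PRIVATE[i].items())

def quality_loss(i, q_i, declared):
    """Squared distance between r_i(q_i, q_-i) and r_i(p_i, q_-i)."""
    got, ideal = recommend(i, q_i, declared), recommend(i, PRIVATE[i], declared)
    return sum((got[item] - ideal[item]) ** 2 for item in got)

def best_response(i, declared):
    """Grid search: most private declared profile with quality_loss <= D."""
    keys = sorted(PRIVATE[i])
    cands = (dict(zip(keys, v)) for v in product(range(P_MAX + 1), repeat=len(keys)))
    feasible = [q for q in cands if quality_loss(i, q, declared) <= D + 1e-9]
    return max(feasible, key=lambda q: privacy(i, q))   # p_i itself is always feasible

def play(max_rounds=20):
    """Users take turns best-responding until nobody changes their declaration."""
    declared = {i: dict(p) for i, p in PRIVATE.items()}   # start from honest ratings
    for rounds in range(1, max_rounds + 1):
        changed = False
        for i in declared:
            q = best_response(i, declared)
            changed |= q != declared[i]
            declared[i] = q
        if not changed:
            return declared, rounds
    return declared, max_rounds

if __name__ == "__main__":
    profile, rounds = play()
    print(rounds, profile, {i: privacy(i, q) for i, q in profile.items()})
```

Under the product form, user i's feasible set depends on what the others declare, so a fixed point of `play` is a profile from which no user can gain privacy without exceeding D.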

Conclusion

Step towards characterizing the fundamental tradeoff between privacy preservation and good quality recommendation, more to do
Quantifying privacy is a non-trivial challenge!
Introduced game theoretic framework for capturing the interaction and conflicting interests of users in the context of privacy preservation in recommendation systems
Each user selfishly attempts to maximize its own privacy
  Can users coordinate and jointly determine their rating revelation strategy so as to have mutual benefit in terms of privacy preservation?
More enriched definition of privacy?
What if there exist conflicting goals in third parties that make the recommendation?
Incentives to users for revealing their profile?
